Tuesday, February 12, 2008

All kernels in -Current as well as in -Stable has been upgraded to the latest version which has been patched to fix splice vulnerabilities that affected all kernel version from 2.6.17 and above. The -Current gets 2.6.23.26 while the -Stable gets the patch for 2.6.21.15.

Here's the changelog:

Mon Feb 11 17:47:58 CST 2008a/kernel-generic-2.6.23.16-i486-1.tgz:Upgraded to Linux 2.6.23.16 uniprocessor generic.s (requires initrd) kernel.All of these kernel upgrades fix yesterday's local root exploit.The kernel headers did not change, so a glibc rebuild is not required.For more information, see:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0010http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0163http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600(* Security fix *)If you use lilo, don't forget to run it again after the upgrade.